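Introduction
For small and medium-sized product projects, keeping the local development environment consistent with the production deployment environment makes operations and testing much easier, and it is arguably a very good solution for small teams and independent developers. Some of my small and medium-sized projects skipped the conventional operations and testing solutions and use traefik + Docker containers instead. After practicing this on several projects, I believe it is another very practical way of working. The key configuration points are summarized below: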
Preparation
- Install docker locally; see the official documentation and pick your platform
  https://docs.docker.com/install/#supported-platforms
- Configure a docker registry mirror for faster pulls; the daocloud mirror service is recommended
  https://www.daocloud.io/mirror
Getting started
I. Configure traefik v2
Create the following directory layout
.
├── acme.json
├── docker-compose.yml
├── dynamic_conf.toml
├── logs                  # logs are generated automatically
│   ├── access.log
│   └── traefik.log
├── ssl
│   ├── caixie.top.crt
│   └── caixie.top.key
└── traefik.toml
1. Configure the docker-compose.yml orchestration file with the following content
version: '3'
services:
  reverse-proxy:
    image: traefik:v2.0.1
    container_name: "traefik"
    restart: always
    labels:
      - traefik.enable=true
      - traefik.docker.network=traefik
    ports:
      - 80:80
      - 443:443
    volumes:
      # The Docker provider reads container labels through this socket
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik.toml:/traefik.toml
      # ./acme.json:/acme.json
      - ./logs:/var/log
      - ./dynamic_conf.toml:/dynamic_conf.toml
      - ./ssl:/data/ssl/
    networks:
      - default
      - traefik
  whoami:
    # A container that exposes an API to show its IP address
    image: containous/whoami
    labels:
      # Declare that this container is exposed through traefik
      - "traefik.enable=true"
      # Domain the service responds to
      - "traefik.http.routers.whoami.rule=Host(`whoami.caixie.top`)"
      # Only accept requests arriving on the predefined entry points
      - "traefik.http.routers.whoami.entrypoints=web, web-secure"
      - traefik.docker.network=traefik
    networks:
      - default
      - traefik
networks:
  traefik:
    external: true
2. traefik static configuration; traefik.toml contains the following
## traefik.toml
## Static configuration
[entryPoints]
  [entryPoints.web]
    address = ":80"
  [entryPoints.web-secure]
    address = ":443"
  [entryPoints.traefik]
    address = ":8000"
[providers]
  [providers.docker]
    # Limit the scope of service discovery
    # When set to false, containers without the traefik.enable=true label are ignored in the generated routing configuration
    exposedByDefault = false
    network = "traefik"
  [providers.file]
    filename = "dynamic_conf.toml"
    watch = true
[retry]
[api]
  # dashboard = true
  # insecure = true
  #debug = true
[ping]
3. traefik dynamic configuration; dynamic_conf.toml contains the following
## Dynamic configuration
[http.routers.api]
  rule = "Host(`d.caixie.top`)"
  entrypoints = ["web-secure"]
  service = "api@internal"
  middlewares = ["myAuth"]
  [http.routers.api.tls]
# User: test  Password: test
# Sample credentials; generate your own entry (for example with htpasswd) before exposing the dashboard
[http.middlewares.myAuth.basicAuth]
  users = [
    "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
  ]
[tls]
  [[tls.certificates]]
    certFile = "/data/ssl/caixie.top.crt"
    keyFile = "/data/ssl/caixie.top.key"
  [tls.stores]
    [tls.stores.default]
      [tls.stores.default.defaultCertificate]
        certFile = "/data/ssl/caixie.top.crt"
        keyFile = "/data/ssl/caixie.top.key"
4. Start the traefik service
docker-compose up -d
5. Open the Dashboard
Open the d.caixie.top host you just configured in a browser; if a page like the following appears, the configuration succeeded:
Traefik Dashboard
II. Application-side configuration
1. Example: API server
# Dockerfile
#FROM mhart/alpine-node:12
FROM node:10-alpine
# Set the image author
#MAINTAINER baisheng <baisheng@gmail.com>
# Set the time zone
RUN sh -c "echo 'Asia/Shanghai' > /etc/timezone"
# Use the aliyun mirror to speed up package downloads
RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories
# Install the following packages only if your project actually needs them
RUN apk add --no-cache make gcc g++ python git
# Taobao mirror configuration for Node.js
RUN npm config set registry https://registry.npm.taobao.org && \
    npm config set disturl https://npm.taobao.org/dist && \
    npm config set electron_mirror https://npm.taobao.org/mirrors/electron/ && \
    npm config set sass_binary_site https://npm.taobao.org/mirrors/node-sass/ && \
    npm config set phantomjs_cdnurl https://npm.taobao.org/mirrors/phantomjs/
RUN npm install --global node-gyp
#
WORKDIR /home/node/app
COPY package.json .
COPY package-lock.json /home/node/app
RUN npm ci
COPY . /home/node/app
RUN npm run build
EXPOSE 80
docker-compose orchestration file
# docker-compose.yml
# Arrange the services according to the software the project uses
version: '3.7'
services:
  redis:
    image: bitnami/redis:latest
    environment:
      - ALLOW_EMPTY_PASSWORD=yes
      - REDIS_DISABLE_COMMANDS=FLUSHDB,FLUSHALL
    ports:
      - 6379:6379
    volumes:
      - redis_data:/bitnami/redis/data
    networks:
      - db-tier
  mongodb:
    image: bitnami/mongodb:latest
    volumes:
      - mongodb_data:/bitnami
    ports:
      - 27017:27017
    networks:
      - db-tier
  # Application configuration
  baisheng.api:
    build:
      context: .
      dockerfile: Dockerfile
    volumes:
      - ./:/app
      - /app/node_modules
    depends_on:
      - mongodb
      - redis
    networks:
      - traefik
      - db-tier
      - default
    command: yarn start:prod
    labels:
      # Declare that this container is exposed through traefik
      - "traefik.enable=true"
      - "traefik.http.routers.baisheng-server.entrypoints=web, web-secure"
      - "traefik.http.routers.baisheng-server.tls=true"
      - "traefik.http.routers.baisheng-server.rule=Host(`api.caixie.top`)"
      - "traefik.docker.network=traefik"
volumes:
  redis_data:
    # Usually the local driver; cases with external storage need separate configuration
    # https://docs.docker.com/compose/compose-file/#driver
    driver: local
  mongodb_data:
    driver: local
# On the same network as the traefik v2 base service
networks:
  db-tier:
  traefik:
    external: true
    name: traefik
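As a check on the two compose files above (the traefik one in section I and this API one), the following added example, which is not part of the original post, audits a parsed compose document for four exposure points they contain: an empty datastore password, datastore ports published on the host, the Docker socket mounted into a container, and a traefik router without tls=true. It assumes the file is already loaded into a dict (for instance with PyYAML's yaml.safe_load) and uses the short port syntax; the names audit, _pairs, the finding strings and SAMPLE are made up for this example.

```python
# Added example: audit a parsed docker-compose document (a dict, e.g. from
# PyYAML's yaml.safe_load) for exposure points in this page's compose files.
DATASTORE_PORTS = {"6379", "27017"}  # redis and mongodb, as used on this page

def _pairs(items):
    """Normalise compose's list ("K=V") and mapping forms to a dict of strings."""
    if isinstance(items, dict):
        return {str(k): str(v) for k, v in items.items()}
    return dict(str(i).split("=", 1) if "=" in str(i) else (str(i), "")
                for i in items or [])

def audit(compose):
    """Return (service, finding) tuples; finding names are made up here."""
    findings = []
    for name, svc in compose.get("services", {}).items():
        env, labels = _pairs(svc.get("environment")), _pairs(svc.get("labels"))
        # A bare YAML `yes` in mapping form loads as True, hence "true" too.
        if env.get("ALLOW_EMPTY_PASSWORD", "").lower() in ("yes", "true"):
            findings.append((name, "empty-password"))
        for port in svc.get("ports") or []:
            parts = str(port).split(":")
            # "HOST:CONTAINER" has no bind address: published on all interfaces.
            if len(parts) == 2 and parts[1].split("/")[0] in DATASTORE_PORTS:
                findings.append((name, "datastore-port-published"))
        for vol in svc.get("volumes") or []:
            if str(vol).split(":")[0] == "/var/run/docker.sock":
                findings.append((name, "docker-sock-mounted"))  # Docker API access
        routers = sorted({k.split(".")[3] for k in labels
                          if k.startswith("traefik.http.routers.") and k.count(".") >= 4})
        for r in routers if labels.get("traefik.enable") == "true" else []:
            # Without tls=true the router answers plain-HTTP requests.
            if labels.get(f"traefik.http.routers.{r}.tls") != "true":
                findings.append((name, f"router-{r}-no-tls"))
    return findings

# Constructed sample: only the relevant keys of the two compose files above.
SAMPLE = {"services": {
    "reverse-proxy": {"volumes": ["/var/run/docker.sock:/var/run/docker.sock"]},
    "whoami": {"labels": ["traefik.enable=true",
        "traefik.http.routers.whoami.rule=Host(`whoami.caixie.top`)",
        "traefik.http.routers.whoami.entrypoints=web, web-secure"]},
    "redis": {"environment": ["ALLOW_EMPTY_PASSWORD=yes"], "ports": ["6379:6379"]},
    "mongodb": {"ports": ["27017:27017"]},
    "baisheng.api": {"labels": ["traefik.enable=true",
        "traefik.http.routers.baisheng-server.tls=true",
        "traefik.http.routers.baisheng-server.rule=Host(`api.caixie.top`)"]},
}}
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Binding a datastore port to a loopback address (for example 127.0.0.1:6379:6379) or dropping the ports entry, since the application reaches redis and mongodb over the db-tier network, clears the corresponding finding.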
2. Example: application web front end
# Dockerfile
FROM baisheng/alpine-node:12
WORKDIR /app
COPY . .
RUN npm install
EXPOSE 3000
3. docker-compose orchestration file
version: '3.7'
services:
  website:
    # image: mhart/alpine-node:12
    # working_dir: /app
    environment:
      # - NODE_ENV=production
      - NODE_ENV=development
    build:
      context: .
      dockerfile: Dockerfile
    volumes:
      - ./:/app
      - /app/node_modules
    networks:
      - traefik
    command: yarn dev
    # command: sh docker-entrypoint.sh
    # ports:
    #   - 3001:80
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.baisheng-website.entrypoints=web, web-secure"
      # Reject non-secure requests
      - "traefik.http.routers.baisheng-website.tls=true"
      - "traefik.http.routers.baisheng-website.rule=Host(`www.caixie.top`)"
      - "traefik.docker.network=traefik"
networks:
  traefik:
    external: true
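4. Check that the configuration works
Open the dashboard and go to the HTTP tab to check whether your application configuration was discovered correctly; if the configuration appears there, the application is configured successfully: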
Dashboard HTTP
Important notes
- The services must be attached to the same network (networks) for the sub-applications to communicate correctly
- If traefik's service discovery is set to exposedByDefault=false, every application that traefik should manage needs traefik.enable=true
- If the application runs under docker orchestration, its listen IP should be set to 0.0.0.0; otherwise the application cannot be reached through its domain name